Simultaneous sessions and deleting stale sessions

Anirudh Malhotra 8zero2ops at gmail.com
Mon Oct 3 12:13:03 CEST 2016


Hi,

I have a 2-tier question.
First, I would mention the simultaneous verify query for reference:
simul_verify_query = "\
        SELECT \
                radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
                callingstationid, framedprotocol \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"
One:
I see many posts about deletion of stale sessions not working. One particular
post which came pretty close to solving the problem was:
http://lists.freeradius.org/pipermail/freeradius-users/2015-November/080816.html

The post's conclusion was that the fake accounting packet doesn't have the
same acct-session-id as that of the stale session, which is why it is not
able to close it, as the acct-unique-session-id (md5 of some attributes
including acct-session-id, NAS-Identifier etc.) comes out to be different.

But what I found from a little analysis was that actually the
acct-session-id is not the problem but the "NAS-Identifier" is. The
NAS-Identifier was being sent in a normal accounting packet (at least in my
case, maybe not in somebody else's) but it was not being sent in the "fake
accounting query": as it is not present in the radacct table, it is not
fetched from the table, as can be seen in the query above. So the
acct-unique-session-id calculated has two different values, one in case the
normal accounting packet comes and another if the fake accounting packet
comes, thus failing over to insertion as the update would not pass. The
acct-session-id was coming out to be the same as the stale session's, so
that was not the problem. Please shed some light on this.

Two:
I noticed an anomaly in the simultaneous verify query in sql and in how the
attributes are selected to actually delete stale sessions. I am running
3.0.11.

The query selects radacctid, acctsessionid, username, nasipaddress,
nasportid, framedipaddress, callingstationid, framedprotocol. That is 8
attributes from the radacct table. Somehow my stale sessions were all
getting acctsessiontime as 0, so I read the source code, which goes like:
while (rlm_sql_fetch_row(inst, request, &handle) == 0) {
                row = handle->row;
                if (!row) {
                        break;
                }

                if (!row[2]){
                        RDEBUG("Cannot zap stale entry. No username present in entry");
                        rcode = RLM_MODULE_FAIL;

                        goto finish;
                }

                if (!row[1]){
                        RDEBUG("Cannot zap stale entry. No session id in entry");
                        rcode = RLM_MODULE_FAIL;

                        goto finish;
                }

                if (row[3]) {
                        nas_addr = inet_addr(row[3]);
                }

                if (row[4]) {
                        nas_port = atoi(row[4]);
                }

                check = rad_check_ts(nas_addr, nas_port, row[2], row[1]);
                if (check == 0) {
                        /*
                         *      Stale record - zap it.
                         */
                        if (inst->config->delete_stale_sessions == true) {
                                uint32_t framed_addr = 0;
                                char proto = 0;
                                int sess_time = 0;

                                if (row[5])
                                        framed_addr = inet_addr(row[5]);
                                if (row[7]){
                                        if (strcmp(row[7], "PPP") == 0)
                                                proto = 'P';
                                        else if (strcmp(row[7], "SLIP") == 0)
                                                proto = 'S';
                                }
                                if (row[8])
                                        sess_time = atoi(row[8]);
                                session_zap(request, nas_addr, nas_port,
                                            row[2], row[1], framed_addr,
                                            proto, sess_time);
                        }
                }

The code above makes use of 9 attributes, the last one being (row[8])
acctsessiontime, which was not getting fetched in the query. For that reason
it always picks the value 0 for acctsessiontime, which is not ideal (a
guess).

BR,
Anirudh Malhotra
Mail: 8zero2.in at gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in
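
The column-count mismatch described under "Two", as an added example (not FreeRADIUS code and not part of the original post): an accessor that treats an index past the selected columns as missing instead of reading it. The helper names, the caller-supplied column count and both sample rows are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Index the quoted loop reads for acctsessiontime (row[8], the ninth column). */
enum { COL_SESSTIME = 8 };

/* Constructed sample rows: row8 has the 8 columns of the query in the post,
 * row9 assumes acctsessiontime has been appended as a ninth column. */
static const char *const row8[] = { "101", "a1b2c3", "alice", "192.0.2.1",
                                    "7", "198.51.100.9", "00-11-22-33-44-55", "PPP" };
static const char *const row9[] = { "101", "a1b2c3", "alice", "192.0.2.1",
                                    "7", "198.51.100.9", "00-11-22-33-44-55", "PPP",
                                    "3600" };

/* Hypothetical helper: NULL when idx is past the columns the query returned. */
static const char *col_or_null(const char *const *row, size_t ncols, size_t idx)
{
    return (row != NULL && idx < ncols) ? row[idx] : NULL;
}

/* Returns 0 and sets *out on success; -1 if the column is absent, SQL NULL,
 * or not a non-negative decimal integer that fits in an int. */
int stale_session_time(const char *const *row, size_t ncols, int *out)
{
    const char *s = col_or_null(row, ncols, COL_SESSTIME);
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0 || v > INT_MAX) return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    int t = 0;

    if (stale_session_time(row8, 8, &t) != 0)
        puts("8 columns: acctsessiontime not selected, refusing to guess");
    if (stale_session_time(row9, 9, &t) == 0)
        printf("9 columns: session time %d\n", t);
    return 0;
}
```

With the 8-column row the caller learns that the session time is unavailable rather than silently recording 0.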
